Remarks

This response is intended as a full and complete response to the final 
Office Action mailed January 26, 2005. In the Office Action, the Examiner notes 
that claims 1-9 are pending of which claims 1-6 are allowed and claims 7-9 are 
rejected. By this response, claims 7 and 8 are amended. The amendments to 
the claims are fully supported by the Specification and claims as originally filed. 
For example, the amendments to claim 7 are supported generally by the entire 
Specification, and specifically at least by page 7, lines 12-29. The amendments 
to claim 8 are supported at least by claim 1 as originally filed and by the 
Specification at page 6, lines 8-20. Thus, no new matter has been introduced 
and the Examiner is respectfully requested to enter the amendments to the 
claims. 

In view of both the amendments presented above and the following 
discussion, the Applicant submits that none of the claims now pending in the 
application are anticipated under the provisions of 35 U.S.C. §102. Thus, the
Applicant believes that all of these claims are now in allowable form. 

It is to be understood that the Applicant, by amending the claims, does not 
acquiesce to the Examiner's characterizations of the art of record or to the 
Applicant's subject matter recited in the pending claims. Further, the Applicant is 
not acquiescing to the Examiner's statements as to the applicability of the art of 
record to the pending claims by filing the instant responsive amendments. 

ALLOWABLE SUBJECT MATTER 

The Applicant thanks the Examiner for the allowance of claims 1-6. 

REJECTIONS 
Rejections of claims under 35 U.S.C. § 102

Claims 7-9 are rejected under 35 U.S.C. §102(e) as being anticipated by
U.S. Patent Application Publication Number 2002/0031134 published March 14,
2002 to Poletto et al. (hereinafter Poletto).

Claim 7

The Applicant's claim 7 recites (emphasis added below): 

"7. A method for thwarting coordinated SYN denial of service
(CSDoS) attacks against a server S disposed in a network of 
interconnected elements communicating using the TCP protocol, 
said attack originating from a malicious host generating SYN 
packets destined for said server, said method comprising the steps 
of 

arranging a switch receiving said SYN packets destined to 
said server to forward said SYN packets to a TCP proxy arranged 
to operate without an associated cache, 

wherein said TCP proxy does not establish a TCP connection, 
corresponding to a particular SYN packet, with said server until it 
receives a SYN/ACK packet, corresponding to the particular SYN 
packet from said malicious host generating SYN packets."

"Anticipation requires the presence in a single prior art reference
disclosure of each and every element of the claimed invention, arranged as in the
claim" (Lindemann Maschinenfabrik GmbH v. American Hoist & Derrick Co., 730
F.2d 1452, 221 USPQ 481, 485 (Fed. Cir. 1984) (citing Connell v. Sears,
Roebuck & Co., 722 F.2d 1542, 220 USPQ 193 (Fed. Cir. 1983)) (emphasis
added). The Poletto reference fails to disclose each and every element of the
claimed invention, as arranged in the claim.

Specifically, the Poletto reference fails to teach or suggest at least the 
"wherein said TCP proxy does not establish a TCP connection, corresponding to
a particular SYN packet, with said server until it receives a SYN/ACK packet
corresponding to the particular SYN packet, from said malicious host generating
SYN packets" as recited in the claim as amended.

Poletto discloses "a system architecture for thwarting denial of service
attacks on a victim data center" (abstract). Specifically, the system of Poletto
responds to a TCP SYN flood attack as disclosed below (emphasis added):

"[0062] Referring to FIG. 10, in an active configuration, a gateway
26 can defend against SYN flood attacks. During connection setup,
the gateway forwards 102 a SYN packet from a client to a server.
The gateway forwards 104 a resulting SYN ACK packet from a
server to client and immediately sends 106 ACK packet to the
server, closing a three-way handshake. The gateway maintains the
resulting connection for a timeout period 108. If the ACK packet
does not arrive from client to server 110, the gateway sends 112 a
RST ("reset") to the server to close the connection. If the ACK
arrives 114, gateway forwards 116 the ACK and forgets 118 about
the connection, forwarding subsequent packets for that connection.
A variable timeout 120 period can be used. The variable time out
period can be inversely proportional to number of connections for
which a first ACK packet from client has not been received. If
gateway 26 is placed inline in the network, when number of
non-ACK'ed connections reaches a configurable threshold 122, the
gateway will not forward any new SYNs until it finishes sending
RSTs for those connections." (paragraph 62)

Serial No. 09/672,206

Thus, as can be seen in the above-recited section, the gateway of Poletto
automatically forwards the SYN packet from the client to the server. Only after
an ACK packet does not arrive at the gateway, after waiting for a timeout period,
does the gateway reset the TCP connection to the server. Therefore Poletto
does not teach or suggest not establishing a TCP connection with the server until
a SYN/ACK packet is received from the host (i.e., client) generating SYN packets.

As such, the Applicant submits that independent claim 7 is not anticipated 
and fully satisfies the requirements under 35 U.S.C. § 102 and is patentable 
thereunder. Therefore, the Applicant respectfully requests that the rejection be
withdrawn. 

Claim 8 

The Applicant's claim 8 recites (emphasis added below): 

"8. A method for thwarting coordinated SYN denial of service 
(CSDOS) attacks against a server S disposed in a network of 
interconnected elements communicating using the TCP protocol, 
comprising the steps of 

forwarding a statistical sampling of packets from a switch in 
said network to a processor, 

if packets in said sampling indicate an attack against said 
server, altering the operation of said switch to forward all packets 
destined for said server to said processor."

"Anticipation requires the presence in a single prior art reference
disclosure of each and every element of the claimed invention, arranged as in the
claim" (Lindemann Maschinenfabrik GmbH v. American Hoist & Derrick Co., 730
F.2d 1452, 221 USPQ 481, 485 (Fed. Cir. 1984) (citing Connell v. Sears,
Roebuck & Co., 722 F.2d 1542, 220 USPQ 193 (Fed. Cir. 1983)) (emphasis
added). The Poletto reference fails to disclose each and every element of the
claimed invention, as arranged in the claim.

Specifically, the Poletto reference fails to teach or suggest at least the "if 
packets in said sampling indicate an attack against said server, altering the 
operation of said switch to forward all packets destined for said server to said 
processor" as recited in the claim as amended.

Poletto discloses "a system architecture for thwarting denial of service
attacks on a victim data center" (abstract). However, as acknowledged by the
Examiner, "the prior art of record does not explicitly teach controlling a network
switch to divert a predetermined fraction of SYN packets destined for a server, to
a web guard processor, and if after monitoring the timed-out connections
exceeds a predetermined threshold, controlling the switch to divert all SYN
packets destined to said server to said web guard processor" (page 2, item no. 2,
allowable subject matter). It is believed that the relevant limitations of claim 8 are
substantially similar to the allowable limitations of claim 1, as indicated
by the Examiner.

As such, the Applicant submits that independent claim 8 is not anticipated
and fully satisfies the requirements under 35 U.S.C. § 102 and is patentable
thereunder. Furthermore, claim 9 depends directly from independent claim 8 and
recites additional limitations thereof. As such, and for at least the same reasons
discussed above, the Applicant submits that this dependent claim also fully
satisfies the requirements under 35 U.S.C. §102 and is patentable thereunder.
Therefore, the Applicant respectfully requests that the rejection be withdrawn.

CONCLUSION



Thus, the Applicant submits that claims 7-9 are in condition for allowance. 
Furthermore, the specification and Abstract have been amended as requested by
the Examiner. Accordingly, both reconsideration of this application and its swift 
passage to issue are earnestly solicited. 

If, however, the Examiner believes that there are any unresolved issues 
requiring adverse final action in any of the claims now pending in the application, 
it is requested that the Examiner telephone Eamon J. Wall at (732) 530-9404 so
that appropriate arrangements can be made for resolving such issues as 
expeditiously as possible. 



Respectfully submitted, 





Eamon J. Wall, Attorney 
Reg. No. 39,414 
(732) 530-9404 



Moser, Patterson & Sheridan, LLP 
595 Shrewsbury Avenue 
Suite 100 

Shrewsbury, New Jersey 07702 